I am wondering if it could be because there is only 1 DNS entry defined on the Juniper SSL VPN for the tunnel settings, the primary is filled in, the secondary not. What openconnect shows verbose (just the DNS settings, changed the internal IP/domains before sending) Received MTU 1360 from server Received DNS server 10.1.2.3 Received DNS server 255.255.255.255 Received DNS search domain mydomain.local Could be a coincidence, but the config on the Juniper has an empty field/entry for the secondary DNS. Can the "received DNS server ..." be assumed to be literally what the Juniper sent to the client, or could the client be filling that in for an empty entry? Thx Bruno On 07/11/16 16:27, David Woodhouse wrote: > On Mon, 2016-07-11 at 15:48 +0200, Bruno Tuteleers wrote: >> nameserver 255.255.255.255 > Hm, I don't see why we'd use 255.255.255.255 unless the server > explicitly asked us to. Maybe that's supposed to be treated as a > special case which means "don't set up DNS". But I don't see why they'd > do that. > > What does the Juniper client do in this situation? > -- ------------------------------------------------------------------------
